Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1564-1
Solution
Please Install the Updated Packages.
Insight
Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.
Affected
keystone on Ubuntu 12.04 LTS
Severity
Classification
-
CVE CVE-2012-4413 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:P/A:N
Related Vulnerabilities